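Currently, I am trying to get a FreeRadius server to talk to a FreeIPA server, and through googling I found that I need to have FreeRadius talk to Kerberos in order to do user lookups. So I created a Krb5 file located at /etc/raddb/mods-enabled/Krb5 with the following content: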
krb5 {
keytab = /etc/raddb/radius.keytab
service_principal = radius/resolute.akr.iol.unh.edu
}
I have already created the keytab, and the principal does exist on FreeIPA.
Now the main problem I am having is when I run FreeRadius with this command to test it:
radiusd -X
I get this error message:
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
# Instantiating module "krb5" from file /etc/raddb/mods-enabled/krb5
Using MIT Kerberos library
rlm_krb5 (krb5): Using service principal "radius/[email protected]"
rlm_krb5 (krb5): Using keytab "FILE:/etc/raddb/radius.keytab"
rlm_krb5 (krb5): Initialising connection pool
pool {
start = 5
min = 5
max = 10
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_krb5 (krb5): Opening additional connection (0), 1 of 10 pending slots used
rlm_krb5 (krb5): Opening additional connection (1), 1 of 9 pending slots used
rlm_krb5 (krb5): Opening additional connection (2), 1 of 8 pending slots used
rlm_krb5 (krb5): Opening additional connection (3), 1 of 7 pending slots used
rlm_krb5 (krb5): Opening additional connection (4), 1 of 6 pending slots used
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
/etc/raddb/sites-enabled/default[53]: Failed to find "Krb5" as a module or policy.
/etc/raddb/sites-enabled/default[53]: Please verify that the configuration exists in /etc/raddb/mods-enabled/Krb5.
/etc/raddb/sites-enabled/default[53]: Failed to parse "Krb5" entry.
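There is more to this output, but I only included what I thought was important.
As you can see in the last three lines, it says the configuration file does not exist, but clearly it does. Another strange thing is that if you look at the first few lines, it even reads from the Krb5 file and outputs what is in it. So unless I am missing something, I don't understand what is going wrong here, and why it keeps failing with this error even though the file exists.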
Answer 1
It looks like a capitalization issue. You listed the kerberos module as Krb5, but the instance name is krb5.
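A check for the mismatch the answer describes, as an added example that is not part of the original question or answer: it collects the instance names declared by module blocks and reports bare-word references in a virtual server that match one only when case is ignored. The function names and both sample strings are constructed for illustration; the authenticate section is an assumed layout, since the page does not show line 53 of sites-enabled/default.

```python
import re

# Constructed sample: the module block from the question.
MODULE_CONF = """\
krb5 {
    keytab = /etc/raddb/radius.keytab
    service_principal = radius/resolute.akr.iol.unh.edu
}
"""

# Constructed sample: an assumed authenticate section that references "Krb5".
SITE_CONF = """\
authenticate {
    Auth-Type Kerberos {
        Krb5
    }
}
"""

BLOCK_RE = re.compile(r'^([A-Za-z0-9_-]+)(?:\s+([A-Za-z0-9_.-]+))?\s*\{$')

def instance_names(module_conf):
    """Names declared at top level: 'type name {' gives name, 'type {' gives type."""
    names, depth = set(), 0
    for raw in module_conf.splitlines():
        line = raw.split('#', 1)[0].strip()
        m = BLOCK_RE.match(line)
        if depth == 0 and m:
            names.add(m.group(2) or m.group(1))
        # Track nesting so subsections such as pool { } are not taken as modules.
        depth += line.count('{') - line.count('}')
    return names

def case_mismatches(site_conf, names):
    """(line number, word used, declared name) for references that differ only in case."""
    by_lower = {n.lower(): n for n in names}
    hits = []
    for no, raw in enumerate(site_conf.splitlines(), 1):
        word = raw.split('#', 1)[0].strip()
        if not re.fullmatch(r'[A-Za-z0-9_-]+', word):
            continue  # not a bare-word module reference
        declared = by_lower.get(word.lower())
        if declared and declared != word:
            hits.append((no, word, declared))
    return hits

if __name__ == "__main__":
    for no, used, declared in case_mismatches(SITE_CONF, instance_names(MODULE_CONF)):
        print(f"line {no}: '{used}' should be '{declared}'")
```
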